I'm looking for a provider or some type of programmatic access to beable to map which URL's in my website need authentication. Using the web.config does not give me a real time way to say which URL's are authorized. Many of the URL's in our website are dynamic and allow dynamic authorization...more >>

I am trying to use a custom role provider (along with custom membership/profile providers) to secure some sections of our website.For testing purposes I have implemented a very basic role provider as shown in the code below. In the website I have test.aspx under secure folder and I use <locatio...more >>

Hi, In my application, I am using a .net wrapper class (a dll) which internally calls the Win32 DP API for encryption and decryption. Now, my client has following queries: 1. Since the encryption Key is managed by Windows internally what is the security of the Key used for encryption? ...more >>

Hi! I am trying to write a simple public web application (internet) where the root is public (anonymous) and where I have a subfolder called admin where a few aspx-pages should be restricted to one user. In dotnet 1.1 (or was it 2.0 beta) I had this funcionality using Authentication mode se...more >>

I know this is an asp.net question but I've had no answers there. How do you start a new visible process from a asp.net page? I can use: System.Diagnostics.Process.Start ("mspaint.exe"); from Main() in console application and it works fine. When I put it in the Page_Load procedure of ...more >>

I am trying to design a login system, but I am running in to a couple of design issues. All tips are welcome. There are two principals that need to access the system: employees and clients. Clients login at clients.example.com. Employees login at employees.example.com. First design issu...more >>

Hi i've made a loginpage and a protected one. If the user tries to enter the protected page he gets redirected to the loginpage and at this point everything works fine. But when the user goes directly to the loginpage and types his pasword it fails to login. it tried to solve this with foll...more >>

hello, i would like to implement a secure web service based on the active directory, without using HTTPS / SSL, using the Kerberos mechanism. As documentation mentions - Checking "Windows Integrated" & attaching CredentialCache.DefaultCredentails to the web service will suffice (will use th...more >>

Re: system.security.securityexception [CAS error message] The program I have written [works just fine in the My Computer Zone] requires "Full Trust" to run and will throw a security exception if a user tries to load it while working in the Intranet Zone, i.e., on a LAN. I am tryin...more >>

Hello, I'm using windows authentication to authenticate users to my site. I now want to 1. Add the ability of listing domain users (From Active Directory) 2. Filter the user list based on the roles (or groups) assigned to them (via Active Directory). Any help would be greatly appreciated...more >>

I want my site to remember users when they come back without requiring them to login again (assuming they checked "remember me" on the login control). I've tried increasing the timeouts to 3000000+ but it still requires users to login if the session times out (roughly 30 minutes or so). Wha...more >>

I can use aspnet_setreg to securely store the credentials to be used by the ASPNET identity, but can the same technique be used to store data for other custom config keys? i.e., does ASP.Net understand what to do if I have this in the web.config? <appSettings> <add key="myUser" value...more >>

I've been involved in building an application in ASP.NET which has utilised application pools in IIS6 to allow the site to run under the credentials of a domain user and authenticate with SQL Server. Having recently rolled this application out to a number of sites, we have encountered a pro...more >>

Hi, I am trying to make my own website which is using an SQL Express MDF db for membership with the default SQL Membership Provider running on a cheap server which does not offer the SQL server, but only Access (MDB) connection. I have found an example by Microsoft (SampleAccessProviders.vs...more >>

Hi all, I'm trying to save an uploaded file to a share on another computer in the domain. If I use the <identity impersonate ..... /> tag in the web.config and enter the credentials of a domain user which has sufficient rights on that share it works fine. However I don't need (and want) ...more >>